Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
@babel/helpers
Advanced tools
Package description
The @babel/helpers package is part of the Babel toolchain, which is primarily used for converting ECMAScript 2015+ code into a backwards compatible version of JavaScript in current and older browsers or environments. This specific package contains a set of functions that are used by Babel's transform plugins to avoid code duplication across generated output. These helpers are small snippets of code that perform common tasks used by the transformations, such as handling classes, spreading properties, etc.
Class handling
This code demonstrates a helper function used by Babel to ensure that a class is only instantiated with the `new` keyword, preventing incorrect usage.
"use strict";\nfunction _classCallCheck(instance, Constructor) { if (!(instance instanceof Constructor)) { throw new TypeError(\"Cannot call a class as a function\"); } }\nvar MyClass = function MyClass() { _classCallCheck(this, MyClass); };
Spread properties
This helper function is used to emulate the behavior of the object spread operator `{...obj}`, allowing properties from one or more source objects to be copied into a new object.
"use strict";\nfunction _extends() { _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }\nvar obj = _extends({}, sourceObj, { key: 'value' });
Similar to @babel/helpers, core-js is a modular standard library for JavaScript, including polyfills for ECMAScript up to 2021. While @babel/helpers provides functions to support the transformation process, core-js focuses on polyfilling new JavaScript features for older environments.
This package provides runtime support for generators and async functions, similar to how @babel/helpers supports various syntax transformations. It's often used in conjunction with Babel for projects that use generators or async/await syntax to ensure compatibility with older environments.
Readme
Collection of helper functions used by Babel transforms.
npm install --save-dev @babel/helpers
Direct:
import * as helpers from '@babel/helpers';
import * as t from '@babel/types';
const typeofHelper = helpers.get('typeof');
t.isExpressionStatement(typeofHelper);
// true
Inside a plugin:
export default {
visitor: {
UnaryExpression(path) {
// The .addHelper function adds, if needed, the helper to the file
// and returns an expression which references the helper
const typeofHelper = this.addHelper("typeof");
t.isExpression(typeofHelper); // true
}
};
NOTE: This package is only meant to be used by the packages inluded in this repository. There is currently no way for third-party plugins to define an helper.
Helpers are defined in the src/helpers.js
file, and they must be valid modules which follow these guidelines:
helpers.customHelper = defineHelper(`
import dep from "dependency";
const foo = 2;
export default function getFooTimesDepPlusX(x) {
return foo * dep() + x;
}
`);
FAQs
Collection of helper functions used by Babel transforms.
The npm package @babel/helpers receives a total of 23,587,661 weekly downloads. As such, @babel/helpers popularity was classified as popular.
We found that @babel/helpers demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.